Software-defined networking security: pros and cons

Software-defined networking (SDN) is a new networking paradigm that decouples the forwarding and control planes, traditionally coupled with one another, while adopting a logically centralized architecture aiming to increase network agility and programability. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be paid to security at this early design stage too, rather than waiting until the technology becomes mature, thereby potentially avoiding previous pitfalls made when designing the Internet in the 1980s. This article focuses on the security aspects of SDN networks. We begin by discussing the new security advantages that SDN brings and by showing how some of the long-lasting issues in network security can be addressed by exploiting SDN capabilities. Then we describe the new security threats that SDN is faced with and discuss possible techniques that can be used to prevent and mitigate such threats.